Guides

Reference

Guides

Personal access token for Typeform's APIs

To use the Typeform Create, Responses, and Webhooks APIs, you need to pass your personal access token in the Authorization header of your requests. Our Embed SDK doesn't require an access token.

Access tokens are long strings of random characters that look something like this: 943af478d3ff3d4d760020c11af102b79c440513. Your access token is unique to you. We use it to identify you and make sure that only you can access your typeforms and results.

To use our APIs, you need a Typeform account — if you don't have one, head to www.typeform.com to register before you get started here.

NOTE: Anyone with your personal access token can read, update, and delete your typeforms and data, so keep access tokens and your client_id and client_secret codes safe! Also, don't commit to source control with your access token, client_id, or client_secret in your code — use a placeholder like ACCESS_TOKEN instead.

To use the Create and Responses APIs or set up a webhook (for example, with cURL or Postman), you need a personal access token. You must pass a valid personal access token in the Authorization header of every request.